How to Change Router Port Number to Increase Security

The default Telnet port for most Cisco router products is 23, making it an easy target for hackers or malicious actors to exploit. Changing the default port number and blocking port 23 can therefore improve network security to some extent.

Here are 4 steps to configure a VTY interface password, change the Telnet port number, and block port 23:

Step 1: Configure a Password for the VTY Interface

Router(config)#line vty 0 X ## X varies depending on the router model

Router(config-line)#password Telnet-password ## Set the Telnet password

Router(config-line)#login ## Enable password authentication

Step 2: Change the Telnet Port

Router(config-line)#rotary N ## N represents a number (on a Cisco 3500, the range is <1-99>). The new port is calculated by adding N to the base number 3000. For example, if N=2, the Telnet port for login becomes 3002.

Step 3: Block the Default Port 23

1) Set up an extended access list

Router(config)#access-list 101 deny tcp any any eq 23

Router(config)#access-list 101 permit ip any any

Of course, if you want to restrict the IP range allowed to Telnet to the router, you can change access-list 101 permit ip any any to:

access-list 101 permit ip A.B.C.D E.F.G.H I.J.K.L W.X.Y.Z

Where: A.B.C.D is the Source address;

E.F.G.H is the Source wildcard bits;

I.J.K.L is the Destination address;

W.X.Y.Z is the Destination wildcard bits;

2) Apply the access list to the VTY interface

Router(config-line)# line vty 0 X

Router(config-line)#access-class 101 in

Step 4: Test

telnet router-IP 3002

銆怑ditor: 钃濋洦娉?/A> TEL锛氾紙010锛?8476606銆?/DIV>

Leave a Comment

Your email address will not be published.